Chapter 6: Protecting High-Risk Registry Entries


Overview

Microsoft introduced the registration database (the registry) as a way for Windows to locate pertinent configuration information in one location. It exists in all versions of Windows, including 64-bit and Windows CE. Prior to the registry, most applications, and even Windows itself, installed their own configuration files (often ending with the .INI file extension). INI files could be installed anywhere on the hard drive and be structured however the developer liked.

Unfortunately, the use of separate configuration files led to end-user confusion, lost configuration files, and operational problems.

The registration database offered a hierarchical database schema that developers and administrators could use to simplify registration and configuration information. Whether or not the registry met this goal is debatable. What isn't debatable is that malicious programmers learned to use the registry to compromise Windows machines with much success. Today, it is the rare malware program that doesn't manipulate the registry to do its misdeeds. This chapter discusses the registry and its different sections in depth, lists the high-risk keys, and then describes defenses against malicious misuse.



Professional Windows Desktop and Server Hardening
Professional Windows Desktop and Server Hardening (Programmer to Programmer)
ISBN: 0764599909
EAN: 2147483647
Year: 2004
Pages: 122
